Shell Scripting for Real-Time File Integrity Monitoring
Why Your Server Needs a Watchdog
You blink, and somebody alters your `/etc/passwd`. It happens that fast. Relying on daily scans? That's just giving attackers a 24-hour head start. You need a file integrity monitoring script in Bash, something that screams the second a file gets touched. No bloated enterprise software. Just clean, raw shell power.
The Secret Weapon: inotifywait
Forget polling. Recalculating hashes every five minutes burns CPU. It's sloppy. Enter `inotify-tools`. This little package uses the Linux kernel's inotify API, so `inotifywait` simply blocks until a file event arrives. Modify a file? It knows. Delete a config? It knows. We build our Ubuntu FIM script around this. It's lightweight, fast, and brutal on intruders.
Writing the Baseline
Before you can catch a thief, you need to know what your house looked like before they broke in. That's your baseline. Our script hashes the critical directories first. `sha256sum` is your best friend here. We map out `/etc`, `/var/www`, or whatever you're protecting. Save those hashes. Lock them down. If a single byte changes later, the new hash won't match. Busted.
Building the Tripwire
Here's where the magic happens. We wrap `inotifywait` in an infinite `while` loop. The script sits quietly in the background. Waiting. The second an event triggers—say, a write or attribute change—it recalculates the hash. Compares it. Mismatch? Boom. The trap snaps shut. This is actual server auditing in real time. Not a report you read on Monday morning.
Screaming for Attention
A monitoring script is useless if it whispers. When that file changes, you need to know immediately. Push the alert to Slack, drop a payload into a Discord webhook, or fire off an email. A simple `curl` command inside your Bash script does the heavy lifting. You get the ping on your phone before the attacker even closes their SSH session.
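The three steps above (baseline, tripwire, alert) in one script, as an added example that is not the article's own code. `WATCH_DIR`, `BASELINE`, `WEBHOOK_URL` and the function names are assumptions, the webhook URL is a placeholder you supply, and the JSON uses Slack's `text` field (Discord webhooks expect `content` instead).

```shell
#!/usr/bin/env bash
# Added example. WATCH_DIR, BASELINE and WEBHOOK_URL are assumed names.
WATCH_DIR="${WATCH_DIR:-/etc}"
BASELINE="${BASELINE:-/var/lib/fim/baseline.sha256}"  # keep outside WATCH_DIR
WEBHOOK_URL="${WEBHOOK_URL:-}"                        # placeholder, supply yours

# Baseline: hash every regular file under $1 into $2, readable by owner only.
build_baseline() {
    mkdir -p "$(dirname "$2")"
    find "$1" -type f -exec sha256sum {} + > "$2"
    chmod 600 "$2"
}

# Compare path $2 with baseline $1. Prints OK, MODIFIED, DELETED or NEW.
check_file() {
    # A sha256sum line is 64 hex chars, two separator chars, then the path.
    known=$(FIM_PATH="$2" awk 'substr($0, 67) == ENVIRON["FIM_PATH"] {
        print substr($0, 1, 64); exit }' "$1")
    [ -f "$2" ] || { [ -n "$known" ] && echo DELETED || echo OK; return 0; }
    current=$(sha256sum < "$2" | cut -c1-64)
    if [ -z "$known" ]; then echo NEW
    elif [ "$known" = "$current" ]; then echo OK
    else echo MODIFIED
    fi
}

# Escape backslashes and double quotes so a file name cannot break the JSON.
json_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Alert: always print locally; post to the webhook only when one is set.
alert() {
    msg="FIM $(uname -n): $1 $2"
    echo "$msg" >&2
    [ -n "$WEBHOOK_URL" ] || return 0
    curl -fsS -m 10 -H 'Content-Type: application/json' \
        -d "{\"text\":\"$(json_escape "$msg")\"}" "$WEBHOOK_URL" >/dev/null
}

# Tripwire: inotifywait emits one path per event; re-hash and compare each.
watch() {
    inotifywait -m -r -q -e close_write,attrib,create,delete,move \
        --format '%w%f' "$WATCH_DIR" |
    while IFS= read -r file; do
        state=$(check_file "$BASELINE" "$file")
        [ "$state" = OK ] || alert "$state" "$file"
    done
}

case "${1:-}" in baseline) build_baseline "$WATCH_DIR" "$BASELINE" ;; watch) watch ;; esac
```

Run it once with `baseline`, then with `watch`, and rebuild the baseline after legitimate changes. inotify only reports changes made while the watcher is running, so anything altered before startup or during downtime needs a full re-hash against the baseline.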